twleo | 2 years ago

Looks good. I hate how iOS does it, especially with certificate pinning, so I cannot use my ad-block HTTP mitmproxy to block ads in apps.

EDIT: Thanks to the people clarifying that pinning is done by apps and not by iOS.

kelnos|2 years ago

That's not necessarily specific to iOS. Certificate pinning is usually done inside an app, not at the OS level. An app can choose to ignore the system certificate store and, for example, pin the cert used to talk to its private API. This is possible both on iOS and Android.

jeroenhd|2 years ago

Another note: cert pinning is made very easy by Android as well (just needs a fingerprint in an XML file).

It's a good feature for security (stalkerware remains a huge problem) but it does suck from a reverse engineering standpoint.
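
Added example, not part of any comment in this thread: a simplified Python model of how a pin set declared in an Android network security config XML decides whether a connection passes, including the expiration date after which pinning is no longer enforced. The host names, the byte strings standing in for SubjectPublicKeyInfo data, the expiration date and the helper names `spki_pin`, `load_pins` and `pin_check` are all constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET
from datetime import date

def spki_pin(spki_der: bytes) -> str:
    """Pin value: base64 of the SHA-256 digest of the SubjectPublicKeyInfo bytes."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

# Constructed stand-ins for DER-encoded SubjectPublicKeyInfo blobs (not real keys).
APP_CA_SPKI = b"constructed-spki: app backend issuing CA"
APP_LEAF_SPKI = b"constructed-spki: api.example.com leaf"
PROXY_CA_SPKI = b"constructed-spki: user-installed proxy CA"
PROXY_LEAF_SPKI = b"constructed-spki: leaf issued by the proxy CA"

# Constructed config in the shape of res/xml/network_security_config.xml.
CONFIG = f"""<network-security-config>
  <domain-config>
    <domain includeSubdomains="true">example.com</domain>
    <pin-set expiration="2030-01-01">
      <pin digest="SHA-256">{spki_pin(APP_CA_SPKI)}</pin>
    </pin-set>
  </domain-config>
</network-security-config>"""

def load_pins(xml_text, host):
    """Return (pins, expiration) for the first domain-config covering host, else None."""
    for dc in ET.fromstring(xml_text).iter("domain-config"):
        for d in dc.findall("domain"):
            name = d.text.strip().lower()
            sub = d.get("includeSubdomains", "false") == "true"
            if host == name or (sub and host.endswith("." + name)):
                ps = dc.find("pin-set")
                if ps is None:
                    return None
                exp = ps.get("expiration")
                pins = {p.text.strip() for p in ps.findall("pin") if p.get("digest") == "SHA-256"}
                return pins, (date.fromisoformat(exp) if exp else None)
    return None

def pin_check(xml_text, host, chain_spkis, today):
    """True if the chain passes pinning; assumes the chain already validated to a trusted CA."""
    entry = load_pins(xml_text, host)
    if entry is None:
        return True  # host is not pinned, normal trust-store validation decides
    pins, exp = entry
    if exp is not None and today >= exp:
        return True  # pin set expired: pinning is no longer enforced
    return any(spki_pin(s) in pins for s in chain_spkis)
```

A chain that validates against a user-added CA still fails `pin_check` because none of its keys hash to a declared pin, which is the behaviour the comments above describe; a forgotten `expiration` date silently turns the check off.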

ShrimpHawk|2 years ago

iOS is even easier than Android for adding system certificates, and it can be done without rooting or jailbreaking the device, unlike Android. Cert pinning is done by the apps, not the system.

jiofj|2 years ago

Cert pinning is done by the apps, not by the OS.

rwmj|2 years ago

That's a distinction without a difference in these tightly controlled ecosystems.